Fri, Jan 23 2009 6:57
Centralized Information About The Conficker Worm
Since the time Microsoft released security update MS08-067, we have released information about MS08-067 exploits and specifically about the Conficker worm in our malware encyclopedia
and in multiple blog posts for example here. This blog provides a
summary of the available information Microsoft has provided on the
Conficker worm and the vulnerability it exploits, which Microsoft
addressed with MS08-067.
First, we outline the various attack vectors because it’s important
for customers to understand that the Conficker worm utilizes a variety
of attack vectors to infect machines. Based on this analysis we follow
up with guidance for what customers can do to protect themselves. The
first and most important piece of guidance is to immediately deploy the
security update associated with Microsoft Security Bulletin MS08-067,
if you haven’t already. However, because this worm utilizes a number of
additional vectors of attack we provide additional information and
guidance to help you build a defense in depth approach. Finally, we
close with information and pointers to how to clean up your machine
using the Microsoft Malicious Software Removal Tool.
Let’s examine again the ways this worm spreads. So far, only two
variants of the worm have been discovered in the wild. The first one, Worm:Win32/Conficker.A, was first reported Nov. 21, 2008 and propagates only by exploiting the vulnerability addressed by security update MS08-067.
This variant avoids infecting computers that use Ukrainian keyboard
layout and that raised the suspicion that the malware developer is
located in Ukraine. Worm:Win32/Conficker.B, the second variant, was reported Dec. 29, 2008. This variant uses multiple propagation methods:
Filed under: News